Another critical vulnerability has been discovered in Adobe Flash Player.

Adobe has released the second weekly security notice APSA15-04 , which is dedicated to the critical RCE vulnerability CVE-2015-5122. Like its predecessor, this vulnerability allows you to remotely execute code in popular browsers and bypass the sandbox mechanism. The exploit for this vulnerability was also archived with leaked data from the Hacking Team . The working version of the exploit has already been posted online by the same author who previously published the exploit for CVE-2015-5119 .



There is a serious danger of embedding this 0day exploit into popular exploit kits for installing malware on fully updated up-to-date versions of Windows, and this can be done very soon. The exploit for the last 0day vulnerability Flash Player CVE-2015-5119 for several days has been adapted for use in six sets of exploits at once.
')
CVE-2015-5122 is present in versions of Flash Player for Windows, OS X and Linux. The company is going to close this vulnerability tomorrow, July 12th.


Fig. Part of the exploit code Flash Player, which specializes in creating a process in a 32-bit version of Windows, after successful exploitation of the vulnerability.

We strongly recommend that users disable Flash Player for their browser before the release of the fix by Adobe. Instructions for this process can be found here .


be secure.